Lucene search

[email protected]CVE-2022-2790

HistoryAug 19, 2022 - 11:15 p.m.

CVE-2022-2790

2022-08-1923:15:09

CWE-347

[email protected]

web.nvd.nist.gov

emerson electric

proficy machine edition

version 9.00

cwe-347

vulnerability

improper verification

cryptographic signature

compiled logic

data blocks

pdt files

bld files

blk files

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

Affected configurations

NVD

Node

emersonelectric\'s_proficyRange≤9.0.0machine

CPENameOperatorVersion
emerson:electric\'s_proficyemerson electric's proficyle9.0.0

CPE	Name	Operator	Version
emerson:electric\'s_proficy	emerson electric's proficy	le	9.0.0

CNA Affected

[
  {
    "product": "Proficy Machine Edition",
    "vendor": "Emerson Electric",
    "versions": [
      {
        "lessThanOrEqual": "9.00",
        "status": "affected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-228-06

Social References

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2022-2790

prion1 nvd1 cvelist1 ics1